DevOps Security Engineer at TigerConnect

As an integral part of the DevSecOps team, the DevOps Security Engineer is passionate about security and wants to have a meaningful impact within the Healthcare space.  This individual will be part of a team charged with making sure TigerConnect is secure and stays at the top level of security and reliability in the industry. Join us and help manage/secure our AWS hosted infrastructure. Responsibilities will include hands-on security management, monitoring, discovery, and remediation of all security related issues while working cross functionally with other departments on company-wide initiatives and compliance.  

The ideal candidate's background will include a strong emphasis on information security, vulnerability management, infrastructure as code/automation, public cloud infrastructure, compliance, secure software development, and other security best practices.  

What You'll Own:​

• Contribute to the design and integration of cyber security toolsets to enable more automated discovery, remediation, and alerting of system vulnerabilities.
• Build and integrate security tools into the CI/CD pipeline.
• Discover, manage, and remediate findings from security tools, pen test reports, and compliance requirements.
• Manage and maintain compliance and certifications (existing and new).
• Help select and manage relationships with security vendors and partners.
• Analyze and respond to production security notifications in a timely manner.
• Foster DevSecOps culture and advocate for a security-first mindset amongst Security, QA, Development, and DevOps teams.
• Deploying web and service-based applications in multiple instances of our PaaS.
• Continually research, evaluate, and apply emerging technologies to improve security for our products.
• Provide technical oversight to the development process including reviewing the technical design and the deployment architecture.
• Work cross functionally with all departments to assist with security related issues as it relates to engineering, client care, and sales teams.
• Willingness to take ownership, troubleshoot hands-on, and be on-call for security issues in a 24/7 environment.

What You've Accomplished:

• Experience in monitoring and responding to security events
• Proven track record of building and maintaining secure cloud architectures for mission critical Internet-facing applications.
• Experience implementing and maintaining compliance (HIPAA, HI-TRUST, FEDRAMP)
• Experience with build-time dependency management, unit testing and code-coverage tools, test automation techniques and tools.
• Experience and understanding of microservices architecture, design patterns, and secure software development methodologies.
• Experience building and managing infrastructure-as-code including automation/scripting tools and languages.  
• Experience in DevOps culture and the ability to teach and profess is highly desired.
• Ability to communicate security and risk-related concepts to technical and nontechnical audiences at both the executive and working level.

What You Bring to the Table:

• 3+ years of experience, at least 2+ years of commercial experience as a Security Engineer (including at least 1 year of current commercial experience as a DevOps Engineer) with specific focus on public cloud infrastructure, multi-tenant enterprise software security, compliance programs (HIPAA/HiTrust/FedRamp), and supporting production 24x7 highly available infrastructure with a DevOps mindset.   
• Background in information security specializing in securing public cloud environments

• Linux and configuration management tools (Chef and Terraform)
• Strong public cloud experience (AWS)
• Security certifications are a plus (CCSP, CISSP, AWS Security)
• Security policy development, implementation and enforcement.
• Integrating security into a CI/CD pipeline
• SSL certificate and key management policies
• Scripting in either Python, Ruby, or Bash.
• Ability to communicate security and risk-related concepts to technical and nontechnical audiences at all levels
• Ability to build systems and tools with little oversight
• Strong team player, working with multiple departments to strengthen Security best practices
• Strong self learner, a track-record of implementing new and rapidly adapting technologies
• Ability to handle high stress situations with ease

#ZP